Control: tags -1 + confirmed moreinfo On Sat, 2014-11-22 at 11:06 +0000, Simon McVittie wrote: > Part of the D-Bus patch for CVE-2014-3639 was to reduce an arbitrary timeout > to make denial of service more difficult. Unfortunately it seems to have > caused failed or slow boot for some users, particularly on older or slower > systems while doing an aggressively parallel boot: > https://bugs.debian.org/769069 > > I would like to revert the problematic timeout change, and also add a syslog > message when it is hit, so we can diagnose the problem. I'm also going to talk > to the security team about reverting the timeout change for wheezy, and > possibly adding the syslog message there too. > > In addition, the upstream 1.8.x stable branch has a one-line fix for error > reporting when security policy denies permission to receive a message, > and some new notes about security contact points. I would like to release > 1.8.12 > with these in and upload that to Debian.
Looks okay to me; thanks. Please remove the moreinfo tag once you've uploaded. Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
